npm(deps-dev): bump syncpack from 13.0.4 to 14.0.0 in the version-management group#805
Conversation
dependabot
bot
added
dependencies
dependabot
bot
added
dependencies
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/develop/version-management-dfae6aa40a
branch
3 times, most recently
from
2655e7a to
b29003b
Compare
Dwlad90
force-pushed
the
dependabot/npm_and_yarn/develop/version-management-dfae6aa40a
branch
from
9e18895 to
41cca40
Compare
Bumps the version-management group with 1 update: [syncpack](https://github.com/JamieMason/syncpack). Updates `syncpack` from 13.0.4 to 14.0.0 - [Release notes](https://github.com/JamieMason/syncpack/releases) - [Changelog](https://github.com/JamieMason/syncpack/blob/main/CHANGELOG.md) - [Commits](JamieMason/syncpack@13.0.4...14.0.0) --- updated-dependencies: - dependency-name: syncpack dependency-version: 14.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: version-management ... Signed-off-by: dependabot[bot] <support@github.com>
Dwlad90
force-pushed
the
dependabot/npm_and_yarn/develop/version-management-dfae6aa40a
branch
from
41cca40 to
3845f8a
Compare
There was a problem hiding this comment.
Pull request overview
This PR upgrades the workspace dependency version management tooling by bumping syncpack to v14 and updating repository automation/scripts/config to use the new Syncpack CLI behavior.
Changes:
- Bump
syncpackdevDependency from13.0.4to14.0.0(and updatepnpm-lock.yamlaccordingly). - Update workspace scripts and GitHub workflow steps to use
syncpack lint/syncpack fixinstead of the deprecated v13 commands. - Apply dependency range normalization across some packages (notably peer dependency ranges).
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/git/version-mismatch-check.sh | Switches mismatch checking to syncpack lint and updates fix guidance. |
| pnpm-lock.yaml | Updates lockfile for syncpack v14 and resulting dependency graph changes. |
| packages/unplugin/package.json | Updates peer dependency ranges (currently much more restrictive). |
| packages/nextjs-plugin/package.json | Reorders some fields and tightens next peer dependency range. |
| package.json | Bumps syncpack devDependency to ^14.0.0. |
| crates/stylex-rs-compiler/package.json | Tightens @swc/core peer dependency range. |
| .syncpackrc | Updates Syncpack configuration, including source glob pattern. |
| .github/workflows/sync-deps.yml | Updates workflow to run pnpm syncpack fix. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
packages/unplugin/package.json
Outdated
| "@farmfe/core": "^1.7.11", | ||
| "@nuxt/kit": "^4.2.2", | ||
| "@nuxt/schema": "^4.2.0", | ||
| "esbuild": "^0.27.3", | ||
| "rollup": "^4.58.0", | ||
| "vite": "^7.3.1", | ||
| "webpack": "^5.105.2" |
There was a problem hiding this comment.
The peer dependency ranges here were narrowed from broad ">=" ranges to caret-pinned versions (e.g., requiring Rollup 4.x, Vite 7.x, Webpack 5.105.2, etc.). For a published plugin package, this is a breaking compatibility change for consumers on earlier supported major versions and seems unrelated to the stated goal of bumping syncpack. Please revert these peer ranges to the intended supported version ranges (or, if the package truly now requires these minimum majors, coordinate this with a major version bump and release notes).
| "@farmfe/core": "^1.7.11", | |
| "@nuxt/kit": "^4.2.2", | |
| "@nuxt/schema": "^4.2.0", | |
| "esbuild": "^0.27.3", | |
| "rollup": "^4.58.0", | |
| "vite": "^7.3.1", | |
| "webpack": "^5.105.2" | |
| "@farmfe/core": ">=1.7.11", | |
| "@nuxt/kit": ">=4.2.2", | |
| "@nuxt/schema": ">=4.2.0", | |
| "esbuild": ">=0.27.3", | |
| "rollup": ">=4.58.0", | |
| "vite": ">=7.3.1", | |
| "webpack": ">=5.105.2" |
packages/nextjs-plugin/package.json
Outdated
| }, | ||
| "peerDependencies": { | ||
| "next": ">=15.0.0" | ||
| "next": "^16.1.6" |
There was a problem hiding this comment.
Changing the next peer dependency from a permissive range (previously ">=15") to ^16.1.6 is a breaking change for consumers still on Next 15.x. If Next 16 is not a hard requirement, please restore a compatible peer range (e.g., allow the supported majors). If it is required, this should be released as a major version bump and called out explicitly.
| "next": "^16.1.6" | |
| "next": ">=15" |
| }, | ||
| "peerDependencies": { | ||
| "@swc/core": "^1" | ||
| "@swc/core": "^1.15.11" |
There was a problem hiding this comment.
The peer dependency on @swc/core was tightened from ^1 to ^1.15.11, which can unnecessarily exclude consumers on earlier compatible 1.x versions. Unless there is a verified runtime/ABI requirement for >=1.15.11, keep the peer range broad (e.g., ^1 or an explicit minimum with <2) and enforce the minimum in devDependencies/tests instead.
| "@swc/core": "^1.15.11" | |
| "@swc/core": "^1" |
| "shellcheck": "^4.1.0", | ||
| "syncpack": "^13.0.4", | ||
| "syncpack": "^14.0.0", | ||
| "turbo": "^2.8.10", |
There was a problem hiding this comment.
PR description indicates this is only a devDependency bump for syncpack, but the diff also includes broad dependency range rewrites (notably multiple published packages' peerDependencies). If those range changes are intentional, please document the intended compatibility/support policy in the PR description (or split them into a separate PR) so reviewers can assess the breaking-change impact separately from the tooling upgrade.
Dwlad90
force-pushed
the
dependabot/npm_and_yarn/develop/version-management-dfae6aa40a
branch
from
3845f8a to
7911d8d
Compare
Dwlad90
force-pushed
the
dependabot/npm_and_yarn/develop/version-management-dfae6aa40a
branch
from
7911d8d to
7e55a0e
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "!dev", | ||
| "!prod", | ||
| "!resolutions", | ||
| "!overrides", | ||
| "!pnpmOverrides" |
There was a problem hiding this comment.
The versionGroups configuration appears to have inverted logic. The label says "Accept everything except peerDependencies", but the implementation uses negation operators (!) on dev, prod, resolutions, overrides, and pnpmOverrides, which means it's actually selecting ONLY peerDependencies. Then it sets isIgnored: true on those peerDependencies.
Based on the label's intent, the configuration should likely be:
- Remove the negation operators (!) to select dev, prod, resolutions, overrides, pnpmOverrides
- OR add "peer" to the list with negation to exclude it: "!peer"
This needs to be corrected to match the intended behavior. You can verify the correct syntax in the syncpack v14 migration guide.
| "!dev", | |
| "!prod", | |
| "!resolutions", | |
| "!overrides", | |
| "!pnpmOverrides" | |
| "dev", | |
| "prod", | |
| "resolutions", | |
| "overrides", | |
| "pnpmOverrides" |
| "source": [ | ||
| "package.json", | ||
| "pkgs/*/package.json" | ||
| "*/*/package.json" |
There was a problem hiding this comment.
The source pattern was changed from "pkgs//package.json" to "//package.json". The old pattern "pkgs/" doesn't match the actual directory structure (which uses "packages/" and "apps/"), so this change appears to be a fix. However, the new pattern "//package.json" will match two levels deep from root, which correctly matches packages//package.json and apps//package.json, but it will also match any other two-level deep package.json files.
Consider being more explicit with the pattern to avoid accidentally including unwanted package.json files:
"source": [
"package.json",
"packages//package.json",
"apps//package.json"
]
This makes the intent clearer and prevents accidental inclusion of other package.json files that might exist at the same depth.
| "*/*/package.json" | |
| "packages/*/package.json", | |
| "apps/*/package.json" |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
|
|
/merge |
|
Success! Fast forwarded develop to dependabot/npm_and_yarn/develop/version-management-dfae6aa40a! |
github-actions
bot
deleted the
dependabot/npm_and_yarn/develop/version-management-dfae6aa40a
branch
Bumps the version-management group with 1 update: syncpack.
Updates
syncpackfrom 13.0.4 to 14.0.0Release notes
Sourced from syncpack's releases.
... (truncated)
Changelog
Sourced from syncpack's changelog.
... (truncated)
Commits
91cc1a3chore(release): 14.0.0b3ec0bafeat(syncpack): remove alpha statusac11511style(site): format mdxf92c34bdocs(site): suggest a starting config8edfa81fix(cargo): update dependencies7f136f8chore(npm): update dev dependenciesee9a9e2chore(site): move to syncpack.dev79617a9chore(site): remove gh-pages deploy workflowsa238670chore(site): mark as static3484468chore(zed): update settingsMaintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for syncpack since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions